File _service:tar_scm:fix-CVE-2024-39133.patch of Package zziplib

From 550e30e76a550d933fe72fc14209403c48d5f5bf Mon Sep 17 00:00:00 2001
From: vlefebvre <valentin.lefebvre@suse.com>
Date: Tue, 6 Aug 2024 16:01:02 +0200
Subject: [PATCH] parse_root_dir: Verify size of extra obtained
Reference:https://github.com/keentux/zziplib/commit/550e30e76a550d933fe72fc14209403c48d5f5bf

* Fix the issue #164 where extra_ptr could be alocated without enough
  bytes to check the magic value.

Signed-off-by: vlefebvre <valentin.lefebvre@suse.com>
---
 zzip/zip.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/zzip/zip.c b/zzip/zip.c
index 56b5966..d4c447e 100644
--- a/zzip/zip.c
+++ b/zzip/zip.c
@@ -524,7 +524,8 @@ __zzip_parse_root_directory(int fd, struct _disk_trailer* trailer, struct zzip_d
         hdr->d_namlen         = u_namlen;
 
         /* looking for ZIP64 extras when csize on intmax */
-        if (u_extras && (hdr->d_csize & 0xFFFFu == 0xFFFFu)) {
+        if (u_extras >= __sizeof(struct zzip_extra_zip64) &&
+            (hdr->d_csize & 0xFFFFu == 0xFFFFu)) {
             DBG3("%i extras bytes (%i)", u_extras, sizeof(struct zzip_extra_zip64));
             zzip_off64_t zz_extras = zz_offset + sizeof(*d) + u_namlen;
             zzip_byte_t* extras_ptr;
-- 
2.27.0